Security researchers examining the first iOS 10 Developer Preview beta have discovered that Apple has taken the unusual step of leaving the new operating system’s kernel open to examination, according to a new report by MIT Technology Review. The iOS kernel — the heart of Apple’s mobile operating system — has always been encrypted in the past, making it more difficult for security researchers to reverse engineer the software to look for flaws or exploits in the code. While the report speculates that it’s possible this may have been an oversight on Apple’s part for this first developer preview release, it would be difficult to believe that Apple’s engineers would make such a basic error, leading many researchers to speculate that this is actually a bold move by Apple to open up the operating system to more scrutiny by third parties.
Unlike encryption of personal data, encrypting the iOS kernel doesn’t inherently provide any better security for users of Apple’s mobile operating system. In fact, when it comes to companies obfuscating or encrypting their code, the very reverse is often true — fewer eyes examining the code means that there are fewer opportunities for the sort of “peer review” that many security researchers engage in — searching for flaws and exploits with an aim to improving security by raising awareness and reporting them back to the original operating system developer. The report cites the recent San Bernardino FBI case as a possible reason for Apple’s change of heart in this regard, suggesting that an open iOS kernel would make it “harder for certain groups to hoard knowledge of vulnerabilities,” such as the still-undisclosed vulnerability that allowed a third party to break into the San Bernardino iPhone, after Apple’s refusal to comply. Opening the iOS kernel to scrutiny would also increase Apple’s transparency where security and privacy are concerned, allowing Apple’s claims for its mobile operating system to be verified by independent security experts.